RToken Fails to Properly Scale Token Amounts with Interest Index
Summary
The RToken contract fails to maintain proper scaling of token amounts relative to the interest index throughout its lifecycle, affecting both minting and burning operations. This breaks the core interest accrual mechanism of the protocol.
Vulnerability Details
The contract incorrectly handles scaled amounts in two critical operations:
During Minting (Deposits):
During Burning (Withdrawals):
Example scenario:
Initial State:
Index = 1.0
User deposits 100 crvUSD
Current Implementation:
Deposit (Index = 1.0):
Calculates scaled = 100/1.0 = 100
Mints 100 rTokens (incorrect)
Time passes, Index = 1.1
User balance shows: 100 1.1 = 110 crvUSD
Withdrawal: ( exact rTokens = 100)
Burns 100 rTokens
Receives 100 crvUSD (missing interest)
Cannot withdraw remaining 10 crvUSD interest
Withdrawal: ( user balance = 110 )
Burns 110 rTokens -> will revert
Impact
Users lose accrued interest due to improper scaling
Tools Used
Manual Review
Recommendations
Consistently use scaled amounts throughout the minting and burning cycle to account for any interest accrued
Lead Judging Commences
DebtToken::mint miscalculates debt by applying interest twice, inflating borrow amounts and risking premature liquidations
RToken::burn transfers original deposit amount (amount) to users instead of amount plus interest (amountScaled), causing loss of all accrued interest on withdrawals
DebtToken::mint miscalculates debt by applying interest twice, inflating borrow amounts and risking premature liquidations
RToken::burn transfers original deposit amount (amount) to users instead of amount plus interest (amountScaled), causing loss of all accrued interest on withdrawals
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.